List of usage examples for javax.net.ssl KeyManagerFactory init
public final void init(ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException
From source file:ch.admin.vbs.cube.core.webservice.CubeSSLSocketFactory.java
/** * Create a new SSL socket factory./*from w ww . j a v a 2 s. c o m*/ * * @param keyStoreBuilder * the key store builder * @param trustStore * the trust store * @param checkRevocation * <code>true</code> if certificate revocations should be * checked, else <code>false</code> * @throws WebServiceException * if the creation failed */ public static SSLSocketFactory newSSLSocketFactory(KeyStore.Builder keyStoreBuilder, KeyStore trustStore, boolean checkRevocation) throws WebServiceException { KeyManagerFactory keyManagerFactory; try { keyManagerFactory = KeyManagerFactory.getInstance("NewSunX509"); } catch (NoSuchAlgorithmException e) { String message = "Unable to create key manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } KeyStoreBuilderParameters keyStoreBuilderParameters = new KeyStoreBuilderParameters(keyStoreBuilder); try { keyManagerFactory.init(keyStoreBuilderParameters); } catch (InvalidAlgorithmParameterException e) { String message = "Unable to initialize key manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } TrustManagerFactory trustManagerFactory; try { trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); } catch (NoSuchAlgorithmException e) { String message = "Unable to create trust manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } PKIXBuilderParameters pkixBuilderParameters; try { pkixBuilderParameters = new PKIXBuilderParameters(trustStore, null); } catch (KeyStoreException e) { String message = "The trust store is not initialized"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } catch (InvalidAlgorithmParameterException e) { String message = "The trust store does not contain any trusted certificate"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } catch (NullPointerException e) { String message = "The trust store is null"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } pkixBuilderParameters.setRevocationEnabled(checkRevocation); CertPathTrustManagerParameters certPathTrustManagerParameters = new CertPathTrustManagerParameters( pkixBuilderParameters); try { trustManagerFactory.init(certPathTrustManagerParameters); } catch (InvalidAlgorithmParameterException e) { String message = "Unable to initialize trust manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } SSLContext sslContext; try { sslContext = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { String message = "Unable to create SSL context"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } try { sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); } catch (KeyManagementException e) { String message = "Unable to initialize SSL context"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); return sslSocketFactory; }
From source file:test.integ.be.fedict.trust.SSLTrustValidatorTest.java
@Test public void testTestEIDBelgiumBe() throws Exception { Security.addProvider(new BeIDProvider()); SSLContext sslContext = SSLContext.getInstance("TLS"); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("BeID"); keyManagerFactory.init(null); SecureRandom secureRandom = new SecureRandom(); sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[] { new ClientTestX509TrustManager() }, secureRandom);/* w ww . j a v a2 s . co m*/ SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket("test.eid.belgium.be", 443); LOG.debug("socket created"); SSLSession sslSession = sslSocket.getSession(); Certificate[] peerCertificates = sslSession.getPeerCertificates(); for (Certificate peerCertificate : peerCertificates) { LOG.debug("peer certificate: " + ((X509Certificate) peerCertificate).getSubjectX500Principal()); } MemoryCertificateRepository repository = new MemoryCertificateRepository(); repository.addTrustPoint((X509Certificate) peerCertificates[peerCertificates.length - 1]); TrustValidator trustValidator = new TrustValidator(repository); TrustValidatorDecorator trustValidatorDecorator = new TrustValidatorDecorator(); trustValidatorDecorator.addDefaultTrustLinkerConfig(trustValidator); trustValidator.isTrusted(peerCertificates); }
From source file:test.integ.be.fedict.commons.eid.client.SSLTest.java
@Test public void testTestEIDBelgiumBe() throws Exception { Security.addProvider(new BeIDProvider()); SSLContext sslContext = SSLContext.getInstance("TLS"); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("BeID"); keyManagerFactory.init(null); SecureRandom secureRandom = new SecureRandom(); sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[] { new ClientTestX509TrustManager() }, secureRandom);/* w ww. j a v a 2 s .c om*/ SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket("test.eid.belgium.be", 443); LOG.debug("socket created"); SSLSession sslSession = sslSocket.getSession(); Certificate[] peerCertificates = sslSession.getPeerCertificates(); for (Certificate peerCertificate : peerCertificates) { LOG.debug("peer certificate: " + ((X509Certificate) peerCertificate).getSubjectX500Principal()); } }
From source file:net.java.sip.communicator.impl.certificate.CertificateServiceImpl.java
public SSLContext getSSLContext(String clientCertConfig, X509TrustManager trustManager) throws GeneralSecurityException { try {//from www . ja v a2 s . c om if (clientCertConfig == null) return getSSLContext(trustManager); CertificateConfigEntry entry = null; for (CertificateConfigEntry e : getClientAuthCertificateConfigs()) { if (e.getId().equals(clientCertConfig)) { entry = e; break; } } if (entry == null) throw new GeneralSecurityException( "Client certificate config with id <" + clientCertConfig + "> not found."); final KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509"); kmf.init(new KeyStoreBuilderParameters(loadKeyStore(entry))); return getSSLContext(kmf.getKeyManagers(), trustManager); } catch (Exception e) { throw new GeneralSecurityException("Cannot init SSLContext", e); } }
From source file:davmail.http.DavGatewaySSLProtocolSocketFactory.java
private SSLContext createSSLContext() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyManagementException, KeyStoreException { // PKCS11 client certificate settings String pkcs11Library = Settings.getProperty("davmail.ssl.pkcs11Library"); String clientKeystoreType = Settings.getProperty("davmail.ssl.clientKeystoreType"); // set default keystore type if (clientKeystoreType == null || clientKeystoreType.length() == 0) { clientKeystoreType = "PKCS11"; }/*from ww w. j ava2 s. c o m*/ if (pkcs11Library != null && pkcs11Library.length() > 0 && "PKCS11".equals(clientKeystoreType)) { StringBuilder pkcs11Buffer = new StringBuilder(); pkcs11Buffer.append("name=DavMail\n"); pkcs11Buffer.append("library=").append(pkcs11Library).append('\n'); String pkcs11Config = Settings.getProperty("davmail.ssl.pkcs11Config"); if (pkcs11Config != null && pkcs11Config.length() > 0) { pkcs11Buffer.append(pkcs11Config).append('\n'); } SunPKCS11ProviderHandler.registerProvider(pkcs11Buffer.toString()); } KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(/*KeyManagerFactory.getDefaultAlgorithm()*/"NewSunX509"); ArrayList<KeyStore.Builder> keyStoreBuilders = new ArrayList<KeyStore.Builder>(); // PKCS11 (smartcard) keystore with password callback KeyStore.Builder scBuilder = KeyStore.Builder.newInstance("PKCS11", null, getProtectionParameter(null)); keyStoreBuilders.add(scBuilder); String clientKeystoreFile = Settings.getProperty("davmail.ssl.clientKeystoreFile"); String clientKeystorePass = Settings.getProperty("davmail.ssl.clientKeystorePass"); if (clientKeystoreFile != null && clientKeystoreFile.length() > 0 && ("PKCS12".equals(clientKeystoreType) || "JKS".equals(clientKeystoreType))) { // PKCS12 file based keystore KeyStore.Builder fsBuilder = KeyStore.Builder.newInstance(clientKeystoreType, null, new File(clientKeystoreFile), getProtectionParameter(clientKeystorePass)); keyStoreBuilders.add(fsBuilder); } ManagerFactoryParameters keyStoreBuilderParameters = new KeyStoreBuilderParameters(keyStoreBuilders); keyManagerFactory.init(keyStoreBuilderParameters); // Get a list of key managers KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); // Walk through the key managers and replace all X509 Key Managers with // a specialized wrapped DavMail X509 Key Manager for (int i = 0; i < keyManagers.length; i++) { KeyManager keyManager = keyManagers[i]; if (keyManager instanceof X509KeyManager) { keyManagers[i] = new DavMailX509KeyManager((X509KeyManager) keyManager); } } SSLContext context = SSLContext.getInstance("SSL"); context.init(keyManagers, new TrustManager[] { new DavGatewayX509TrustManager() }, null); return context; }
From source file:davmail.util.ClientCertificateTest.java
private SSLContext createSSLContext() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyManagementException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException { // PKCS11 client certificate settings String pkcs11Library = Settings.getProperty("davmail.ssl.pkcs11Library"); String clientKeystoreType = Settings.getProperty("davmail.ssl.clientKeystoreType"); // set default keystore type if (clientKeystoreType == null || clientKeystoreType.length() == 0) { clientKeystoreType = "PKCS11"; }/* w w w . j a va 2s. co m*/ if (pkcs11Library != null && pkcs11Library.length() > 0 && "PKCS11".equals(clientKeystoreType)) { StringBuilder pkcs11Buffer = new StringBuilder(); pkcs11Buffer.append("name=DavMail\n"); pkcs11Buffer.append("library=").append(pkcs11Library).append('\n'); String pkcs11Config = Settings.getProperty("davmail.ssl.pkcs11Config"); if (pkcs11Config != null && pkcs11Config.length() > 0) { pkcs11Buffer.append(pkcs11Config).append('\n'); } SunPKCS11ProviderHandler.registerProvider(pkcs11Buffer.toString()); } String algorithm = KeyManagerFactory.getDefaultAlgorithm(); if ("SunX509".equals(algorithm)) { algorithm = "NewSunX509"; } else if ("IbmX509".equals(algorithm)) { algorithm = "NewIbmX509"; } KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm); ArrayList<KeyStore.Builder> keyStoreBuilders = new ArrayList<KeyStore.Builder>(); // PKCS11 (smartcard) keystore with password callback KeyStore.Builder scBuilder = KeyStore.Builder.newInstance("PKCS11", null, getProtectionParameter(null)); //keyStoreBuilders.add(scBuilder); String clientKeystoreFile = Settings.getProperty("davmail.ssl.clientKeystoreFile"); String clientKeystorePass = Settings.getProperty("davmail.ssl.clientKeystorePass"); if (clientKeystoreFile != null && clientKeystoreFile.length() > 0 && ("PKCS12".equals(clientKeystoreType) || "JKS".equals(clientKeystoreType))) { // PKCS12 file based keystore KeyStore.Builder fsBuilder = KeyStore.Builder.newInstance(clientKeystoreType, null, new File(clientKeystoreFile), getProtectionParameter(clientKeystorePass)); keyStoreBuilders.add(fsBuilder); } System.setProperty("javax.net.debug", "ssl,handshake"); //try { Provider sunMSCAPI = new sun.security.mscapi.SunMSCAPI(); //Security.insertProviderAt(sunMSCAPI, 1); KeyStore keyStore = KeyStore.getInstance("Windows-MY", sunMSCAPI); keyStore.load(null, null); keyStoreBuilders.add(KeyStore.Builder.newInstance(keyStore, new KeyStore.PasswordProtection(null))); /*} catch (IOException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); }*/ ManagerFactoryParameters keyStoreBuilderParameters = new KeyStoreBuilderParameters(keyStoreBuilders); keyManagerFactory.init(keyStoreBuilderParameters); //keyManagerFactory.init(keyStore, null); // Get a list of key managers KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); // Walk through the key managers and replace all X509 Key Managers with // a specialized wrapped DavMail X509 Key Manager for (int i = 0; i < keyManagers.length; i++) { KeyManager keyManager = keyManagers[i]; if (keyManager instanceof X509KeyManager) { keyManagers[i] = new DavMailX509KeyManager((X509KeyManager) keyManager); } } //keyManagers = new KeyManager[]{new DavMailX509KeyManager(new X509KeyManagerImpl())} SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManagers, new TrustManager[] { new DavGatewayX509TrustManager() }, null); return context; }